f45151f9b4247a9c701d20bf46da49e357dd7924d0a98d5583e4451c4676e20a | Triage

Analysis

max time kernel
149s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/10/2022, 15:30

Sharing

Report Analysis Logs

General

Target

cells2022.06.28.exe
Size

1023KB
MD5

8e663b28c0eb4561b557544016c78017
SHA1

634dfed5a3ab93bfa45c76494e11e1239c2b2b18
SHA256

eace8c7ae4a071b1767925483651abcd2650c155688e74c9822150596464369f
SHA512

4b0f2ec1b1136df868b286ff89d7a0d274afc9baf4d53b5d09aa8af62c32da5a28417b7cd5a9c55c1748cf5daa8c4c984c0fcc50fe50a7613e0fc7f4a29e0f00
SSDEEP

12288:I55nnhg2FXy4wa1AOfhnsdM9olx0oSuN6z/+cKBlQVEQimIZGi1eQqhaYsHrFacD:6fUMAxgOBlPQ617yanHRyRHqU

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1536-55-0x0000000000400000-0x0000000000627000-memory.dmp	upx
behavioral1/memory/1536-56-0x0000000000400000-0x0000000000627000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1536	cells2022.06.28.exe
1536	cells2022.06.28.exe

C:\Users\Admin\AppData\Local\Temp\cells2022.06.28.exe
"C:\Users\Admin\AppData\Local\Temp\cells2022.06.28.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1536-54-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1536-55-0x0000000000400000-0x0000000000627000-memory.dmp

Filesize
2.2MB

Download
memory/1536-56-0x0000000000400000-0x0000000000627000-memory.dmp

Filesize
2.2MB

Download